Has anyone else managed to create a customer either via curl or an http post? Specifically using this method:
POST /v1/orgs/:orgSlug/customers

Using curl the response tells me the access token is not associated with the organisation. Http tells me I have not provided the email address (I will debug more to see if I have incorrectly set up the call)

I am not too interested in the curl version, this was mainly to test the flow (but it is interesting that I do not get any tokens back). Could you confirm the values I am sending in the http call - the parameters passed are email and no_pasword?

Although I used curl in the example (that did not return the expected access token), I need to use e.g. HttpParty example above. I appreciate I cannot ask you to debug this, but can you comment on the response I am getting? It indicated I am not providing an email and clearly I am, unless the endpoint is expecting a different name?

Thanks for your assistance here - and I am hoping it will also help those who come upon this further down the line.

Can I also ask for comments on the general plan of attack to implement (two legged auth)

The first release of the service we are building is web based and using an iphone app just to setup the device wifi.

We have done the one time steps of getting a oauth client and stored on the server (using curl) (steps 1-2).
We use a web api call to create the customer (step 3)
Steps 4-6 are taken care of by the app - supply the customers email address (created at step 3) to get a claim code (step 4), set up wifi credentials (step 5) and finally map the user to the device (step 6).

Am I correct in thinking that if I get a user to create an account (and we create the shadow customer) on the website, the mobile app can be implemented to ask the customer to supply their email address and this is all that is required to link the device and setup the device.

Am I correct in thinking that if I get a user to create an account (and we create the shadow customer) on the website, the mobile app can be implemented to ask the customer to supply their email address and this is all that is required to link the device and setup the device.

To answer your question, yes. The only requirement from the customer on our system is an email address. In two-legged auth, you will have your own database of customers (you may call them users) and manage usernames and passwords. As a result, we don’t require you to send us a password for the customer to be saved in the Particle system.

So that is curl sorted. I have directly emailed the request/response for the httparty call that I need to use on the web app version. Hoping we can get this resolved and I will write up the solution and post for others.